Five tips for a successful zero trust journey
The beginning of a journey: Why Swisscom chose zero trust for the future of its security
In our ecosystem, we sometimes hear that security is a journey, not a destination. Sooner or later, we realize that perfect cybersecurity can never be achieved. However, it’s still important to aim for it, as the true way to enhance security is through experiences. As the head of security architecture at Swisscom, I am not only responsible for today’s security architecture, but also for what it will look like in 5 to 10 years. That’s why this journey towards a long-term security strategy is very important to me.
Four years ago, we came to the conclusion that tomorrow’s risks could not be managed by today’s technology, so we needed to build a new architecture. As the largest telecommunications company in Switzerland, Swisscom falls into the category of critical infrastructures and must take the required measures to prevent disruptions that could be caused by cyberattacks. Considering our complex technological infrastructure, security needs, customer requirements and policies, we decided that zero trust was the future.
We knew that it would be a very bumpy road with a lot of time, money and resources invested, but this is the kind of long-term project that I love because they change things fundamentally. I would like to share a few tips from what I learned during this journey.
My key takeaways
While the adoption of zero trust network access did pay off immediately, the complete overhaul of our security architecture towards a perimeter-less zero trust approach will take much longer. We are confident that adopting zero trust will have tremendous positive impact on the long run. We know that the process will still take a lot of time, but we are very satisfied with having implemented this new approach. Zero trust is becoming an important differentiator, both internally and for our customers.
Finally, remember, that the most important step in a zero trust transformation has nothing to do with technology. Rather, it’s about understanding, learning and taking the right decisions for the future.
About the author
Panos Zarkadakis
Head of Security Architecture, Swisscom
Panos works for more than ten years at Swisscom, the largest Swiss ICT provider. He is responsible for Swisscom’s security architecture, a key critical infrastructure in Switzerland. In his more than 30 years of professional experience, he has worked in a wide variety of industries, including banks, government and insurance companies. In addition to his studies in computer science and information security, he completed his management training at MIT in Boston.
His passion lies in the interaction between people and technology in order to create more security and reliability for citizens and customers in the digital world.